USN-3749-1: Spidermonkey vulnerabilities

Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code...

[SECURITY] Fedora 28 Update: python-XStatic-jquery-ui-1.12.0.1-2.fc28

JavaScript library packaged for setuptools easyinstall / pip. This package is intended to be used by any project that needs these files. It intentionally does not provide any extra code except some metadata nor has any extra requirements...

[SECURITY] Fedora 27 Update: python-XStatic-jquery-ui-1.12.0.1-2.fc27

JavaScript library packaged for setuptools easyinstall / pip. This package is intended to be used by any project that needs these files. It intentionally does not provide any extra code except some metadata nor has any extra requirements...

dns-sync Command Injection Vulnerability

dns-sync is a library used in Node.js that allows to resolve hostnames in a synchronized way. A security vulnerability exists in dns-sync. An attacker can exploit this vulnerability to inject commands with untrusted user input...

CVE-2016-10681

roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker...

[SECURITY] Fedora 25 Update: python-XStatic-jquery-ui-1.12.0.1-4.fc25

jquery-ui javascript library packaged for setuptools easyinstall / pip...

Debian: Security Advisory (DSA-4024-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-4020-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an annoucment that security support for chromium in the oldstable release jessie, Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongl...

CVE-2015-7980

Cross-site scripting XSS vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."...

Debian DSA-3985-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2017-5111 Luat Nguyen discovered a use-after-free issue in the pdfium library. - CVE-2017-5112 Tobias Klein discovered a buffer overflow issue in the webgl library. - CVE-2017-5113 A buffer overflow issue was discover...

CVE-2017-0893

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventi...

CVE-2017-0893

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventi...

Debian Security Advisory DSA 3810-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5029 Holger Fuhrmannek discovered an integer overflow issue in the libxslt library. CVE-2017-5030 Brendon Tiszka discovered a memory corruption issue in the v8 javascript library. CVE-2017-5031 Looben Yang discover...

Debian Security Advisory DSA 3776-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5006 Mariusz Mlynski discovered a cross-site scripting issue. CVE-2017-5007 Mariusz Mlynski discovered another cross-site scripting issue. CVE-2017-5008 Mariusz Mlynski discovered a third cross-site scripting issue...

Debian DSA-3776-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2017-5006 Mariusz Mlynski discovered a cross-site scripting issue. - CVE-2017-5007 Mariusz Mlynski discovered another cross-site scripting issue. - CVE-2017-5008 Mariusz Mlynski discovered a third cross-site scripting...

UBUNTU-CVE-2013-7453

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via vectors related to UI redressing...

[SECURITY] Fedora 24 Update: js-jquery-2.2.4-1.fc24

jQuery is a fast, small, and feature-rich JavaScript library. It makes thin gs like HTML document traversal and manipulation, event handling, animation, a nd Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility,...

[SECURITY] Fedora 25 Update: js-jquery1-1.12.4-2.fc25

jQuery is a fast, small, and feature-rich JavaScript library. It makes thin gs like HTML document traversal and manipulation, event handling, animation, a nd Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility,...

[SECURITY] Fedora 25 Update: js-jquery-2.2.4-1.fc25

jQuery is a fast, small, and feature-rich JavaScript library. It makes thin gs like HTML document traversal and manipulation, event handling, animation, a nd Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility,...

Debian DSA-3731-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-5181 A cross-site scripting issue was discovered. - CVE-2016-5182 Giwan Go discovered a heap overflow issue. - CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. - CVE-2016-5184 Another...